Lucene search

CertccCVELIST:CVE-2022-40248

HistoryOct 10, 2022 - 12:00 a.m.

CVE-2022-40248 An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4

2022-10-1000:00:00

CWE-74

certcc

www.cve.org

cve-2022-40248

html injection

cert/cc vince

software vulnerability

authenticated attacker

arbitrary html

form injection

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the “Product Affected” field.

CNA Affected

[
  {
    "vendor": "CERT/CC",
    "product": "VINCE - The Vulnerability Information and Coordination Environment ",
    "versions": [
      {
        "version": "1.48.0",
        "status": "affected",
        "lessThan": "1.50.4",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/CERTCC/VINCE/issues?q=label%3Asecurity